All 6 CVE vulnerabilities found in alf.io, with AI-generated Chinese analysis, references, and POCs.
Vendor: alfio-event
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-45300 | Bypassing promo code limitations with race conditions | CWE-362 | 7.5 | High | 2024-09-06 |
| CVE-2024-45299 | alf.io's preloaded data as json is not escaped correctly | CWE-116 | 6.5 | Medium | 2024-09-06 |
| CVE-2024-25634 | IDOR make user can read e-mail log sent by other events | CWE-497 | 7.2 | High | 2024-02-19 |
| CVE-2024-25635 | IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS | CWE-612 | 8.8 | High | 2024-02-19 |
| CVE-2024-25627 | Cross-Site Scripting (XSS) via File Upload in Alf.io | CWE-79 | 3.5 | Low | 2024-02-16 |
| CVE-2024-25628 | Insufficient Session Expiration in alf.io | CWE-613 | 7.6 | High | 2024-02-16 |